Commit 8570978e authored by Joerg Roedel's avatar Joerg Roedel Committed by Borislav Petkov

x86/boot/compressed/64: Don't pre-map memory in KASLR code

With the page-fault handler in place, he identity mapping can be built
on-demand. So remove the code which manually creates the mappings and
unexport/remove the functions used for it.
Signed-off-by: default avatarJoerg Roedel <jroedel@suse.de>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Link: https://lkml.kernel.org/r/20200907131613.12703-18-joro@8bytes.org
parent ca0e22d4
...@@ -87,11 +87,9 @@ phys_addr_t physical_mask = (1ULL << __PHYSICAL_MASK_SHIFT) - 1; ...@@ -87,11 +87,9 @@ phys_addr_t physical_mask = (1ULL << __PHYSICAL_MASK_SHIFT) - 1;
static struct x86_mapping_info mapping_info; static struct x86_mapping_info mapping_info;
/* /*
* Adds the specified range to what will become the new identity mappings. * Adds the specified range to the identity mappings.
* Once all ranges have been added, the new mapping is activated by calling
* finalize_identity_maps() below.
*/ */
void add_identity_map(unsigned long start, unsigned long size) static void add_identity_map(unsigned long start, unsigned long size)
{ {
unsigned long end = start + size; unsigned long end = start + size;
......
...@@ -397,8 +397,6 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size, ...@@ -397,8 +397,6 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
*/ */
mem_avoid[MEM_AVOID_ZO_RANGE].start = input; mem_avoid[MEM_AVOID_ZO_RANGE].start = input;
mem_avoid[MEM_AVOID_ZO_RANGE].size = (output + init_size) - input; mem_avoid[MEM_AVOID_ZO_RANGE].size = (output + init_size) - input;
add_identity_map(mem_avoid[MEM_AVOID_ZO_RANGE].start,
mem_avoid[MEM_AVOID_ZO_RANGE].size);
/* Avoid initrd. */ /* Avoid initrd. */
initrd_start = (u64)boot_params->ext_ramdisk_image << 32; initrd_start = (u64)boot_params->ext_ramdisk_image << 32;
...@@ -416,15 +414,11 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size, ...@@ -416,15 +414,11 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
cmd_line_size = strnlen((char *)cmd_line, COMMAND_LINE_SIZE-1) + 1; cmd_line_size = strnlen((char *)cmd_line, COMMAND_LINE_SIZE-1) + 1;
mem_avoid[MEM_AVOID_CMDLINE].start = cmd_line; mem_avoid[MEM_AVOID_CMDLINE].start = cmd_line;
mem_avoid[MEM_AVOID_CMDLINE].size = cmd_line_size; mem_avoid[MEM_AVOID_CMDLINE].size = cmd_line_size;
add_identity_map(mem_avoid[MEM_AVOID_CMDLINE].start,
mem_avoid[MEM_AVOID_CMDLINE].size);
} }
/* Avoid boot parameters. */ /* Avoid boot parameters. */
mem_avoid[MEM_AVOID_BOOTPARAMS].start = (unsigned long)boot_params; mem_avoid[MEM_AVOID_BOOTPARAMS].start = (unsigned long)boot_params;
mem_avoid[MEM_AVOID_BOOTPARAMS].size = sizeof(*boot_params); mem_avoid[MEM_AVOID_BOOTPARAMS].size = sizeof(*boot_params);
add_identity_map(mem_avoid[MEM_AVOID_BOOTPARAMS].start,
mem_avoid[MEM_AVOID_BOOTPARAMS].size);
/* We don't need to set a mapping for setup_data. */ /* We don't need to set a mapping for setup_data. */
...@@ -433,11 +427,6 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size, ...@@ -433,11 +427,6 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
/* Enumerate the immovable memory regions */ /* Enumerate the immovable memory regions */
num_immovable_mem = count_immovable_mem_regions(); num_immovable_mem = count_immovable_mem_regions();
#ifdef CONFIG_X86_VERBOSE_BOOTUP
/* Make sure video RAM can be used. */
add_identity_map(0, PMD_SIZE);
#endif
} }
/* /*
...@@ -884,19 +873,8 @@ void choose_random_location(unsigned long input, ...@@ -884,19 +873,8 @@ void choose_random_location(unsigned long input,
warn("Physical KASLR disabled: no suitable memory region!"); warn("Physical KASLR disabled: no suitable memory region!");
} else { } else {
/* Update the new physical address location. */ /* Update the new physical address location. */
if (*output != random_addr) { if (*output != random_addr)
add_identity_map(random_addr, output_size);
*output = random_addr; *output = random_addr;
}
/*
* This loads the identity mapping page table.
* This should only be done if a new physical address
* is found for the kernel, otherwise we should keep
* the old page table to make it be like the "nokaslr"
* case.
*/
finalize_identity_maps();
} }
......
...@@ -98,17 +98,7 @@ static inline void choose_random_location(unsigned long input, ...@@ -98,17 +98,7 @@ static inline void choose_random_location(unsigned long input,
#endif #endif
#ifdef CONFIG_X86_64 #ifdef CONFIG_X86_64
void initialize_identity_maps(void);
void add_identity_map(unsigned long start, unsigned long size);
void finalize_identity_maps(void);
extern unsigned char _pgtable[]; extern unsigned char _pgtable[];
#else
static inline void initialize_identity_maps(void)
{ }
static inline void add_identity_map(unsigned long start, unsigned long size)
{ }
static inline void finalize_identity_maps(void)
{ }
#endif #endif
#ifdef CONFIG_EARLY_PRINTK #ifdef CONFIG_EARLY_PRINTK
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment